Abstract. The research area of Networked Control Systems (NCS) has been
the topic of intensive study in the last decade. In this paper we give a contribution
to this research line by addressing symbolic control design of (possibly
unstable) nonlinear NCS with specifications expressed in terms of automata.
We first derive symbolic models that are shown to approximate the given NCS
in the sense of (alternating) approximate simulation. We then address symbolic
control design with specifications expressed in terms of automata. We
finally derive efficient algorithms for the synthesis of the proposed symbolic
controllers that cope with the inherent computational complexity of the problem
at hand.



1. Introduction 

Networked Control Systems (NCS) are complex, heterogeneous, spatially distributed
systems where physical processes interact with distributed computing units
through non-ideal communication networks. The complexity and heterogeneity of
such systems is given by the interaction of at least three components: a plant
process that is often described by continuous dynamics, a controller implementing
algorithms on microprocessors for the control of the plant, and a communication
network conveying information between the plant and the controller which is often
characterized by non-idealities such as variable sampling/transmission intervals,
variable communication delays, quantization errors, packet dropouts, communication
protocol and limited bandwidth. In the last decade, NCS have been the
object of great interest in the research community and important results have been
achieved, see e.g. [3] and the references therein. Most of the results on NCS
deal with stabilization problems under an imperfect communication network comprising
a subset of the aforementioned communication non-idealities. The work in
[1] instead considers all the aforementioned communication non-idealities and proposes
control algorithms for solving problems with complex specifications expressed
in terms of automata. The main drawbacks of the results reported in [1] are:

(i) The plant in the NCS is supposed to be stable, which is quite restrictive in
many application domains of interest.

(ii) The controllers proposed require a large computational complexity in their
design.

Figure 1. Networked control system.

The present work improves the results established in [1] in two directions:

(i') We extend our results to possibly unstable nonlinear networked control
systems;

(ii') We design efficient algorithms that cope with the computational complexity
of the approach in [1].

For (i') we generalize the results reported in [7] from nonlinear control systems
to nonlinear networked control systems. For (ii') we generalize the control algorithms
we proposed in [3] for stable nonlinear control systems to unstable nonlinear
networked control systems.



2. Notation 

The symbols $\mathbb{N}$, $\mathbb{N}_0$, $\mathbb{Z}$, $\mathbb{R}$, $\mathbb{R}^+$ and $\mathbb{R}_0^+$ denote the set of natural, nonnegative
integer, integer, real, positive real, and nonnegative real numbers, respectively.
Given a set $A$ we denote $A^2 = A \times A$ and $A^{n+1} = A \times A^n$ for any $n \in \mathbb{N}$.
Given an interval $[a,b] \subseteq \mathbb{R}$ with $a \le b$ we denote by $[a;b]$ the set $[a,b] \cap \mathbb{N}$. We
denote by $\lceil x \rceil = \min\{n \in \mathbb{Z} \mid n \ge x\}$ the ceiling of a real number $x$. Given a vector
$x \in \mathbb{R}^n$ we denote by $\|x\|$ the infinity norm and by $\|x\|_2$ the Euclidean norm of
$x$. Given $\mu \in \mathbb{R}^+$ and $A \subseteq \mathbb{R}^n$, we set $[A]_\mu = \mu\mathbb{Z}^n \cap A$; if $B = \bigcup_{i \in [1;N]} A^i$
then $[B]_\mu = \bigcup_{i \in [1;N]} ([A]_\mu)^i$. Consider a bounded set $A \subseteq \mathbb{R}^n$ with interior. Let
$H = [a_1,b_1] \times [a_2,b_2] \times \cdots \times [a_n,b_n]$ be the smallest hyperrectangle containing $A$ and
set $\hat{\mu}_A = \min_{i=1,2,\ldots,n}(b_i - a_i)$. It is readily seen that for any $\mu \le \hat{\mu}_A$ and any $a \in A$
there always exists $b \in [A]_\mu$ such that $\|a - b\| \le \mu$. Given $a \in A \subseteq \mathbb{R}^n$ and a precision
$\mu \in \mathbb{R}^+$, the symbol $[a]_\mu$ denotes a vector in $\mu\mathbb{Z}^n$ such that $\|a - [a]_\mu\| \le \mu/2$. Any
vector $[a]_\mu$ with $a \in A$ can be encoded by a finite binary word of length $\lceil \log_2 |[A]_\mu| \rceil$.
Given a pair of sets $A$ and $B$ and a relation $\mathcal{R} \subseteq A \times B$, the symbol $\mathcal{R}^{-1}$ denotes
the inverse relation of $\mathcal{R}$, i.e. $\mathcal{R}^{-1} = \{(b,a) \in B \times A : (a,b) \in \mathcal{R}\}$. The cardinality
of a finite set $A$ is denoted by $|A|$.

3. Networked Control Systems 

The class of Networked Control Systems (NCS) that we consider in this paper
has been introduced in [1]. In this section we briefly review this model. For more
details the interested reader is referred to [1].

INTEGRATED SYMBOLIC DESIGN OF UNSTABLE NONLINEAR NETWORKED CONTROL SYSTEMS

The network scheme of the NCS is depicted in Figure 1. The direct branch of the
network includes the plant $P$, that is a nonlinear control system of the form:

$$
\begin{cases}
\dot{x}(t) = f(x(t),u(t)), \\
x \in X \subseteq \mathbb{R}^n, \\
x(0) \in X_0 \subseteq X, \\
u(\cdot) \in \mathcal{U},
\end{cases}
\tag{1}
$$

where $x(t)$ and $u(t)$ are the state and the control input at time $t \in \mathbb{R}_0^+$, $X$ is the
state space, $X_0$ is the set of initial states and $\mathcal{U}$ is the set of control inputs that
are supposed to be piecewise-constant functions of time from intervals of the form
$]a,b[ \subset \mathbb{R}$ to $U \subseteq \mathbb{R}^m$. We suppose that sets $X$ and $U$ are convex, bounded and with
interior. The function $f : X \times U \to X$ is such that $f(0,0) = 0$ and assumed to be
Lipschitz on compact sets. In the sequel we denote by $x(t,x_0,u)$ the state reached
by (1) at time $t$ under the control input $u$ from the initial state $x_0$; this point is
uniquely determined, since the assumptions on $f$ ensure existence and uniqueness
of trajectories. We assume that the control system $P$ is forward complete, namely
that every trajectory is defined on an interval of the form $]a,\infty[$. On the two sides
of the plant $P$ in Figure 1, a Zero-order-Holder (ZoH) and an (ideal) sensor are
placed. We assume that the ZoH and the sensor are synchronized and update their
output values at times that are integer multiples of the same interval $\tau \in \mathbb{R}^+$, i.e.
$u(s\tau + t) = u(s\tau)$, $y(s\tau + t) = y(s\tau) = x(s\tau)$, $t \in [0,\tau[$, $s \in \mathbb{N}_0$, where $s$ is the index
of the sampling interval (starting from 0). The evolution of the NCS is described
iteratively in the following, starting from the initial time $t = 0$. Consider the $k$-th
iteration in the feedback loop. The sensor requests access to the network and after
a waiting time $\Delta^{req}_{2k} \in [0, \Delta^{req}_{\max}]$, it sends at time $t_{2k}$ the latest available sample
$y_k = [y(t_{2k})]_{\mu_x}$, where $\mu_x$ is the precision of the quantizer that follows the sensor
in the NCS scheme in Figure 1. The sensor-to-controller (sc) link of the network
introduces a delay $\Delta_{2k} = \Delta^{sc}_{send} + \Delta^{delay}_{2k}$, with $\Delta^{delay}_{2k} \in [\Delta^{delay}_{\min}, \Delta^{delay}_{\max}]$, where
$\Delta^{sc}_{send} = \lceil \log_2 |[X]_{\mu_x}| \rceil / B_{\max}$ is the minimum time required to send the information
over the sensor-to-controller branch, assuming a digital communication channel of
bandwidth $B_{\max} \in \mathbb{R}^+$ (expressed in bits per second (bps)). The maximum network
delay $\Delta^{delay}_{\max}$ takes into account congestion, other accesses to the communication
channel, any kind of scheduling protocol and a finite number of subsequent packet
dropouts, which is assumed to be uniformly bounded. After that time, the sensor
sample reaches the symbolic controller, that is expressed in terms of the function
$C : [X]_{\mu_x} \to [U]_{\mu_u}$, with $\mu_x \le \hat{\mu}_X$ and $\mu_u \le \hat{\mu}_U$ so that the domain and co-domain
of $C$ are non-empty. After a time $\Delta^{ctrl}_{k} \in [\Delta^{ctrl}_{\min}, \Delta^{ctrl}_{\max}]$, the value $u_{k+1} = C(y_k)$
is returned and it is sent through the network at time $t_{2k+1}$ (after a bounded
waiting time $\Delta^{req}_{2k+1} \in [0, \Delta^{req}_{\max}]$). The controller-to-actuator (ca) link of the network
introduces a delay $\Delta_{2k+1} = \Delta^{ca}_{send} + \Delta^{delay}_{2k+1}$, where $\Delta^{delay}_{2k+1} \in [\Delta^{delay}_{\min}, \Delta^{delay}_{\max}]$ and
$\Delta^{ca}_{send} = \lceil \log_2 |[U]_{\mu_u}| \rceil / B_{\max}$ is the minimum time required to send the information
over the controller-to-actuator branch of the network. After that time, the sample
reaches the ZoH and at time $t = A_{k+1}\tau$ the ZoH is refreshed to the control value
$u_{k+1}$, with $A_{k+1} = \lceil (t_{2k+1} + \Delta_{2k+1})/\tau \rceil$. The next iteration starts and the sensor
requests access to the network again. Consider now the sequence of control values
$\{u_k\}_{k \in \mathbb{N}_0}$. Each value is held for $N_k = A_{k+1} - A_k$ sampling intervals. Due to the
bounded delays, one gets $N_k \in [N_{\min}; N_{\max}]$, with:

$$
N_{\min} = \lceil \Delta_{\min}/\tau \rceil, \qquad N_{\max} = \lceil \Delta_{\max}/\tau \rceil,
\tag{2}
$$

where we set $\Delta_{\min} = \Delta^{sc}_{send} + \Delta^{ctrl}_{\min} + \Delta^{ca}_{send} + 2\Delta^{delay}_{\min}$ and
$\Delta_{\max} = \Delta^{sc}_{send} + \Delta^{ctrl}_{\max} + \Delta^{ca}_{send} + 2\Delta^{req}_{\max} + 2\Delta^{delay}_{\max}$. In the sequel we refer to the described NCS by $\Sigma$ and to
a trajectory of $\Sigma$ with initial state $x_0$ and control input $u$ by $x(\cdot, x_0, u)$.
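The bounds in Eq. (2) can be reproduced numerically. The Python code below is an added example, not code from the paper: it counts the lattice points of the quantized state and input sets, derives the send times, $\Delta_{\min}$, $\Delta_{\max}$, $N_{\min}$ and $N_{\max}$, and replays the feedback loop with random admissible delays to check that every hold length stays in $[N_{\min}; N_{\max}]$. The numbers are those of the unicycle example in the paper's last section; the assignment of its five delay figures to the controller, request and network-delay bounds, and the choice that iteration $k$ starts at the refresh instant $A_k\tau$, are assumptions.

```python
# Added example (not from the paper): hold-interval bounds of Eq. (2).
import math
import random
from fractions import Fraction as F


def lattice_points(box, mu):
    """Cardinality of [A]_mu = mu*Z^n ∩ A for A a product of intervals [lo, hi[."""
    count = 1
    for lo, hi in box:
        # multiples k*mu with lo <= k*mu < hi  <=>  ceil(lo/mu) <= k < ceil(hi/mu)
        count *= math.ceil(F(hi) / mu) - math.ceil(F(lo) / mu)
    return count


def word_bits(cardinality):
    """ceil(log2(cardinality)): bits needed to encode one quantized vector."""
    return (cardinality - 1).bit_length()


def send_times(p):
    """(Delta_send^sc, Delta_send^ca) in seconds for a channel of B_max bit/s."""
    sc = F(word_bits(lattice_points(p["X"], p["mu_x"])), p["B_max"])
    ca = F(word_bits(lattice_points(p["U"], p["mu_u"])), p["B_max"])
    return sc, ca


def hold_bounds(p):
    """(Delta_min, Delta_max, N_min, N_max) as defined around Eq. (2)."""
    sc, ca = send_times(p)
    d_min = sc + p["ctrl_min"] + ca + 2 * p["delay_min"]
    d_max = sc + p["ctrl_max"] + ca + 2 * p["req_max"] + 2 * p["delay_max"]
    return d_min, d_max, math.ceil(d_min / p["tau"]), math.ceil(d_max / p["tau"])


def draw(rng, lo, hi):
    """Exact rational sample from [lo, hi] on a 1/1000 grid (endpoints included)."""
    return lo + (hi - lo) * F(rng.randrange(1001), 1000)


def simulate_holds(p, iterations, rng):
    """Play the feedback loop with random admissible delays; return the N_k."""
    sc, ca = send_times(p)
    a_k, holds = 0, []  # A_k: sampling index of the last ZoH refresh
    for _ in range(iterations):
        t = a_k * p["tau"]                                   # iteration start (assumed)
        t += draw(rng, 0, p["req_max"])                      # sensor waits for access
        t += sc + draw(rng, p["delay_min"], p["delay_max"])  # sensor-to-controller link
        t += draw(rng, p["ctrl_min"], p["ctrl_max"])         # controller computation
        t += draw(rng, 0, p["req_max"])                      # controller waits for access
        t += ca + draw(rng, p["delay_min"], p["delay_max"])  # controller-to-actuator link
        a_next = math.ceil(t / p["tau"])                     # A_{k+1}
        holds.append(a_next - a_k)                           # N_k = A_{k+1} - A_k
        a_k = a_next
    return holds


# Unicycle example values; mapping of the delay figures to these keys is assumed.
UNICYCLE = {
    "X": [(-1, 1), (-1, 1), (-math.pi, math.pi)],
    "U": [(-1, 1), (-1, 1)],
    "mu_x": F("0.02"), "mu_u": F("0.25"),
    "B_max": 1000, "tau": F("0.2"),
    "ctrl_min": F("0.001"), "ctrl_max": F("0.01"), "req_max": F("0.05"),
    "delay_min": F("0.02"), "delay_max": F("0.1"),
}

if __name__ == "__main__":
    d_min, d_max, n_min, n_max = hold_bounds(UNICYCLE)
    print("Delta_min =", float(d_min), "Delta_max =", float(d_max))
    print("N_min =", n_min, "N_max =", n_max)
    holds = simulate_holds(UNICYCLE, 500, random.Random(0))
    print("observed hold lengths:", sorted(set(holds)))
    degraded = dict(UNICYCLE, delay_max=F("0.5"))
    print("N_max with delay_max = 0.5 s:", hold_bounds(degraded)[3])
```

Raising `delay_max` to 0.5 s in the same dictionary gives $N_{\max} = 6$, which shows how a longer worst-case network delay widens the set of hold lengths the controller has to be robust against.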

4. Systems, Approximate Equivalence and Composition 

We use the notion of system as a unified mathematical framework to describe
NCS as well as their symbolic models.

Definition 4.1. [6] A system $S$ is a sextuple $S = (X, X_0, U, \longrightarrow, Y, H)$ consisting
of:

• a set of states $X$;
• a set of initial states $X_0 \subseteq X$;
• a set of inputs $U$;
• a transition relation $\longrightarrow \subseteq X \times U \times X$;
• a set of outputs $Y$;
• an output function $H : X \to Y$.

A transition $(x,u,x') \in \longrightarrow$ is denoted by $x \xrightarrow{u} x'$. For such a transition,
state $x'$ is called a $u$-successor, or simply a successor, of state $x$.

A state run of $S$ is a (possibly infinite) sequence of transitions $x_0 \xrightarrow{u_1} x_1 \xrightarrow{u_2} \ldots$
with $x_0 \in X_0$. An output run is a (possibly infinite) sequence $\{y_i\}_{i \in \mathbb{N}_0}$ such that
there exists a state run with $y_i = H(x_i)$, $i \in \mathbb{N}_0$. System $S$ is said to be:

• countable if $X$ and $U$ are countable sets;
• symbolic if $X$ and $U$ are finite sets;
• metric if the output set $Y$ is equipped with a metric $d : Y \times Y \to \mathbb{R}_0^+$;
• deterministic if for any $x \in X$ and $u \in U$ there exists at most one state
  $x' \in X$ such that $x \xrightarrow{u} x'$ for some $u \in U$;
• non-blocking if for any $x \in X$ there exists at least one state $x' \in X$ such
  that $x \xrightarrow{u} x'$ for some $u \in U$;
• accessible, if for any $x \in X$ there exists a finite number of transitions
  $x_0 \xrightarrow{u_1} x_1 \xrightarrow{u_2} \ldots\ x$ from an initial state $x_0 \in X_0$ to state $x$.

Definition 4.2. Given two systems $S_i = (X_i, X_{0,i}, U_i, \longrightarrow_i, Y_i, H_i)$ ($i = 1,2$),
$S_1$ is a sub-system of $S_2$, denoted $S_1 \sqsubseteq S_2$, if $X_1 \subseteq X_2$, $X_{0,1} \subseteq X_{0,2}$, $U_1 \subseteq U_2$,
$\longrightarrow_1 \subseteq \longrightarrow_2$, $Y_1 \subseteq Y_2$, and $H_1(x) = H_2(x)$ for any $x \in X_1$.

In the sequel we consider (alternating) approximate simulation relations [B] to
relate properties of NCS and symbolic models.

Definition 4.3. [1 [S] Let $S_i = (X_i, X_{0,i}, U_i, \longrightarrow_i, Y_i, H_i)$ ($i = 1,2$) be metric
systems with the same output sets $Y_1 = Y_2$ and metric $d$, and let $\varepsilon \in \mathbb{R}_0^+$ be a given
precision. Consider a relation $\mathcal{R} \subseteq X_1 \times X_2$ satisfying the following conditions:

(i) $\forall x_1 \in X_{0,1}\ \exists x_2 \in X_{0,2}$ such that $(x_1,x_2) \in \mathcal{R}$;

(ii) $\forall (x_1,x_2) \in \mathcal{R}$, $d(H_1(x_1),H_2(x_2)) \le \varepsilon$.

Relation $\mathcal{R}$ is an $\varepsilon$-approximate simulation relation from $S_1$ to $S_2$ if it enjoys
conditions (i), (ii) and the following one:

(iii) $\forall (x_1,x_2) \in \mathcal{R}\ \ \forall x_1 \xrightarrow{u_1}_1 x_1'\ \ \exists x_2 \xrightarrow{u_2}_2 x_2'$ such that $(x_1',x_2') \in \mathcal{R}$.

System $S_1$ is $\varepsilon$-simulated by $S_2$ or $S_2$ $\varepsilon$-simulates $S_1$, denoted $S_1 \preceq_\varepsilon S_2$, if there exists
an $\varepsilon$-approximate simulation relation from $S_1$ to $S_2$. Relation $\mathcal{R}$ is an alternating
$\varepsilon$-approximate (A$\varepsilon$A) simulation relation from $S_1$ to $S_2$ if it enjoys conditions
(i), (ii) and the following one:

(iii') $\forall (x_1,x_2) \in \mathcal{R}\ \ \forall u_1 \in U_1\ \ \exists u_2 \in U_2\ \ \forall x_2 \xrightarrow{u_2}_2 x_2'\ \ \exists x_1 \xrightarrow{u_1}_1 x_1'$ such that
$(x_1',x_2') \in \mathcal{R}$.

System $S_1$ is alternating $\varepsilon$-simulated by $S_2$ or $S_2$ alternating $\varepsilon$-simulates $S_1$, denoted
$S_1 \preceq^{alt}_\varepsilon S_2$, if there exists an A$\varepsilon$A simulation relation from $S_1$ to $S_2$.

For more details on the above notions we refer to [SJ [SJ [5]. We conclude this
section with the notion of approximate feedback composition, that is employed in
the sequel to capture feedback interaction between non-deterministic systems and
symbolic controllers.

Definition 4.4. [3] Consider a pair of metric systems $S_i = (X_i, X_{0,i}, U_i, \longrightarrow_i, Y_i, H_i)$
($i = 1,2$) with the same output sets $Y_1 = Y_2$ and metric $d$. Let $\mathcal{R}$ be an A$\theta$A simulation
relation from $S_2$ to $S_1$. The $\theta$-approximate feedback composition of $S_1$ and
$S_2$, with composition relation $\mathcal{R}$, is the system $S_1 \times^{\mathcal{R}}_\theta S_2 = (X, X_0, U, \longrightarrow, Y, H)$,
where

• $X = \mathcal{R}^{-1}$;
• $X_0 = X \cap (X_{0,1} \times X_{0,2})$;
• $U = U_1$;
• $(x_1,x_2) \longrightarrow (x_1',x_2')$ if $x_1 \longrightarrow_1 x_1'$ and $x_2 \longrightarrow_2 x_2'$;
• $Y = Y_1$;
• $H(x_1,x_2) = H_1(x_1)$ for any $(x_1,x_2) \in X$.
5. Symbolic Models for NCS 

In this section we propose symbolic models that approximate NCS in the sense
of (alternating) approximate simulation. For notational simplicity we denote by
$u$ any constant control input $\tilde{u} \in \mathcal{U}$ s.t. $\tilde{u}(t) = u$ at all times $t \in \mathbb{R}^+$. Set
$X_e = \bigcup_{N \in [N_{\min};N_{\max}]} X^N$.

Definition 5.1. [1] Given the NCS $\Sigma$, consider the system
$S(\Sigma) = (X_\tau, X_{0,\tau}, U_\tau, \longrightarrow_\tau, Y_\tau, H_\tau)$
where:

• $X_\tau$ is the subset of $X_0 \cup X_e$ such that for any $x = (x_1, x_2, \ldots, x_N) \in X_\tau$,
  with $N \in [N_{\min}; N_{\max}]$, the following conditions hold:

  $$x_{i+1} = x(\tau, x_i, u^-), \quad i \in [1; N-2]; \tag{3}$$

  $$x_N = x(\tau, x_{N-1}, u^+); \tag{4}$$

  for some constant functions $u^-, u^+ \in [U]_{\mu_u}$;

• $X_{0,\tau} = X_0$;

• $U_\tau = [U]_{\mu_u}$;

• $x^1 \xrightarrow[\tau]{u} x^2$, where

  $$
  \begin{cases}
  x^1_{i+1} = x(\tau, x^1_i, u_1^-), \quad i \in [1; N_1-2]; \\
  x^1_{N_1} = x(\tau, x^1_{N_1-1}, u_1^+); \\
  x^2_{i+1} = x(\tau, x^2_i, u_2^-), \quad i \in [1; N_2-2]; \\
  x^2_{N_2} = x(\tau, x^2_{N_2-1}, u_2^+); \\
  u_2^- = u_1^+; \\
  u_2^+ = u; \\
  x^2_1 = x(\tau, x^1_{N_1}, u_2^-);
  \end{cases}
  $$

  for some $N_1, N_2 \in [N_{\min}; N_{\max}]$;

• $Y_\tau = X_\tau$;

• $H_\tau(x) = x$.

Note that $S(\Sigma)$ is non-deterministic because, depending on the values of $N_2$,
more than one $u$-successor of $x^1$ may exist. Since the state vectors of $S(\Sigma)$ are built
from trajectories of $\Sigma$ sampled every $\tau$ time units, $S(\Sigma)$ collects all the information
of the NCS $\Sigma$ available at the sensor (see Figure 1) as formally stated in Theorem
5.1 of [1]. System $S(\Sigma)$ can be regarded as metric with the metric $d_{Y_\tau}$ on $Y_\tau$
naturally induced by the metric $d_X(x_1,x_2) = \|x_1 - x_2\|$ on $X$, as follows. Given
any $x^i = (x^i_1, x^i_2, \ldots, x^i_{N_i})$, $i = 1,2$, we set $d_{Y_\tau}(x^1,x^2) = \max_{i \in [1;N]} \|x^1_i - x^2_i\|$, if
$N_1 = N_2 = N$ and $d_{Y_\tau}(x^1,x^2) = +\infty$, otherwise. Although system $S(\Sigma)$ contains
all the information of the NCS $\Sigma$ available at the sensor, it is not a finite model. In
the following, we propose a system that approximates $S(\Sigma)$ and is symbolic. A key
property for our developments is the notion of incremental forward completeness,
as recalled hereafter.

Definition 5.2. [7] Control system (1) is incrementally forward complete ($\delta$-FC)
if it is forward complete and there exists a continuous function $\beta : \mathbb{R}_0^+ \times \mathbb{R}_0^+ \to \mathbb{R}_0^+$
such that for every $s \in \mathbb{R}^+$, the function $\beta(\cdot,s)$ belongs to class $\mathcal{K}_\infty$, and for any
$x_1,x_2 \in X$, any $\tau \in \mathbb{R}^+$, and any $u \in \mathcal{U}$, the following condition is satisfied for all
$t \in [0,\tau]$:

$$\|x(t,x_1,u) - x(t,x_2,u)\| \le \beta(\|x_1 - x_2\|, t).$$

Incremental forward completeness requires the distance between two arbitrary
trajectories to be bounded by a continuous function capturing the mismatch between
initial conditions. The class of $\delta$-FC control systems is rather large and includes
also some subclasses of unstable control systems; for instance unstable linear
systems are $\delta$-FC. The notion of $\delta$-FC can be described in terms of Lyapunov-like
functions.

Definition 5.3. A smooth function $V : X \times X \to \mathbb{R}$ is called a $\delta$-FC Lyapunov
function for the control system (1) if there exist $\lambda \in \mathbb{R}$ and $\mathcal{K}_\infty$ functions $\underline{\alpha}$ and $\overline{\alpha}$
such that, for any $x_1,x_2 \in X$ and any $u \in U$, the following conditions hold true:

(i) $\underline{\alpha}(\|x_1 - x_2\|) \le V(x_1,x_2) \le \overline{\alpha}(\|x_1 - x_2\|)$,

(ii) $\frac{\partial V}{\partial x_1} f(x_1,u) + \frac{\partial V}{\partial x_2} f(x_2,u) \le \lambda V(x_1,x_2)$.

The existence of a $\delta$-FC Lyapunov function was proven in [7] to be a sufficient
condition for $\delta$-FC of a control system. In the following we suppose that the control
system $P$ in the NCS $\Sigma$ enjoys the following properties:

(H1) There exists a $\delta$-FC Lyapunov function $V$ satisfying the inequality (ii) in
Definition 5.3 for some $\lambda \in \mathbb{R}$;

(H2) There exists a $\mathcal{K}_\infty$ function $\gamma$ such that $V(x,x') - V(x,x'') \le \gamma(\|x' - x''\|)$,
for every $x, x', x'' \in X$.
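Given a design parameter $\eta \in \mathbb{R}^+$, define the following system
$S_*(\Sigma) = (X_*, X_{0,*}, U_*, \longrightarrow_*, Y_*, H_*)$
where:

• $X_*$ is the subset of $[X_0 \cup X_e]_{\mu_x}$ such that for any $x^* = (x^*_1, x^*_2, \ldots, x^*_N) \in X_*$
  with $N \in [N_{\min}; N_{\max}]$ the following condition holds:

  $$V(x(\tau, x^*_i, u^-), x^*_{i+1}) \le e^{\lambda\tau}\underline{\alpha}(\eta) + \gamma(\mu_x), \quad i \in [1; N-2]; \tag{5}$$

  $$V(x(\tau, x^*_{N-1}, u^+), x^*_N) \le e^{\lambda\tau}\underline{\alpha}(\eta) + \gamma(\mu_x), \tag{6}$$

  for some constant functions $u^-, u^+ \in [U]_{\mu_u}$;

• $X_{0,*} = [X_0]_{\mu_x}$;

• $U_* = [U]_{\mu_u}$;

• $x^1 \xrightarrow[*]{u} x^2$, where

  $$
  \begin{cases}
  V(x(\tau, x^1_i, u_1^-), x^1_{i+1}) \le e^{\lambda\tau}\underline{\alpha}(\eta) + \gamma(\mu_x), \quad \forall i \in [1; N_1-2]; \\
  V(x(\tau, x^1_{N_1-1}, u_1^+), x^1_{N_1}) \le e^{\lambda\tau}\underline{\alpha}(\eta) + \gamma(\mu_x); \\
  V(x(\tau, x^2_i, u_2^-), x^2_{i+1}) \le e^{\lambda\tau}\underline{\alpha}(\eta) + \gamma(\mu_x), \quad \forall i \in [1; N_2-2]; \\
  V(x(\tau, x^2_{N_2-1}, u_2^+), x^2_{N_2}) \le e^{\lambda\tau}\underline{\alpha}(\eta) + \gamma(\mu_x); \\
  u_2^- = u_1^+; \\
  u_2^+ = u; \\
  V(x(\tau, x^1_{N_1}, u_1^+), x^2_1) \le e^{\lambda\tau}\underline{\alpha}(\eta) + \gamma(\mu_x);
  \end{cases}
  $$

  for some $N_1, N_2 \in [N_{\min}; N_{\max}]$;

• $Y_* = X_\tau$;

• $H_*(x^*) = x^*$.

System $S_*(\Sigma)$ is metric when we regard the set of outputs as being equipped
with the metric $d_{Y_\tau}$. We now have all the ingredients to present one of the main
results of this paper.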

Theorem 5.4. Consider the NCS $\Sigma$ and suppose that the control system $P$ enjoys
properties (H1) and (H2). Then for any desired precision $\varepsilon \in \mathbb{R}^+$, any sampling
time $\tau \in \mathbb{R}^+$, any state quantization $\mu_x \in \mathbb{R}^+$ and any choice of the design parameter
$\eta \in \mathbb{R}^+$ satisfying the inequality

$$\mu_x \le \min\{\hat{\mu}_X, \overline{\alpha}^{-1}(\underline{\alpha}(\varepsilon))\} \le \eta, \tag{7}$$

we have $S_*(\Sigma) \preceq^{alt}_\varepsilon S(\Sigma) \preceq_\varepsilon S_*(\Sigma)$.

Proof. First we prove that $S_*(\Sigma) \preceq^{alt}_\varepsilon S(\Sigma)$, according to Definition 4.3. Consider
the relation $\mathcal{R} \subseteq X_* \times X_\tau$ defined by $(x^*, x) \in \mathcal{R}$ if and only if:

• $x^* = (x^*_1, x^*_2, \ldots, x^*_N)$, $x = (x_1, x_2, \ldots, x_N)$, for some $N \in [N_{\min}; N_{\max}]$;
• $V(x^*_i, x_i) \le \underline{\alpha}(\varepsilon)$ for $i \in [1;N]$;
• Eqns. (3), (4), (5), (6) hold for some $u^- = u^-_*$ and $u^+ = u^+_*$.

Conditions (i) and (ii) in Definition 4.3 can be proven by using similar arguments
employed in the proof of Theorem 5.8 in [1]. We now show that condition (iii')
in Definition 4.3 holds. Consider any $(x^*, x) \in \mathcal{R}$, with $x^* = (x^*_1, x^*_2, \ldots, x^*_N)$,
$x = (x_1, x_2, \ldots, x_N)$, for some $N \in [N_{\min}; N_{\max}]$, and any $u_* \in U_*$; then pick
$u = u_* \in U_\tau$ and consider any transition $x \xrightarrow[\tau]{u} \bar{x}$, with $\bar{x} = (\bar{x}_1, \bar{x}_2, \ldots, \bar{x}_{\bar{N}})$, for
some $\bar{N} \in [N_{\min}; N_{\max}]$. Pick $\bar{x}^* = (\bar{x}^*_1, \bar{x}^*_2, \ldots, \bar{x}^*_{\bar{N}})$ defined by $\bar{x}^*_i = [\bar{x}_i]_{\mu_x}$ for all $i$.
We now prove that $x^* \xrightarrow[*]{u_*} \bar{x}^*$ is a transition of $S_*(\Sigma)$. First, from condition (i) in
Definition 5.3, the definition of $\bar{x}^*$ and the first inequality in (7), one can write:

$$V(\bar{x}^*_i, \bar{x}_i) \le \overline{\alpha}(\mu_x) \le \overline{\alpha}(\overline{\alpha}^{-1}(\underline{\alpha}(\varepsilon))) = \underline{\alpha}(\varepsilon) \tag{8}$$

for all $i$. By Assumption (H1), condition (ii) in Definition 5.3 writes:

$$\frac{\partial V}{\partial x^*_N} f(x^*_N, u^+_*) + \frac{\partial V}{\partial x_N} f(x_N, u^+) \le \lambda V(x^*_N, x_N). \tag{9}$$

By considering Assumption (H2), the definitions of $\mathcal{R}$ and $S(\Sigma)$, and by integrating
the previous inequality, the following holds:

$$
\begin{aligned}
V(x(\tau, x^*_N, u^+_*), \bar{x}^*_1) &\le V(x(\tau, x^*_N, u^+_*), \bar{x}_1) + \gamma(\|\bar{x}_1 - \bar{x}^*_1\|) \\
&\le e^{\lambda\tau} V(x^*_N, x_N) + \gamma(\|\bar{x}_1 - \bar{x}^*_1\|) \\
&\le e^{\lambda\tau}\underline{\alpha}(\varepsilon) + \gamma(\mu_x) \le e^{\lambda\tau}\underline{\alpha}(\eta) + \gamma(\mu_x),
\end{aligned}
\tag{10}
$$

where condition $\varepsilon \le \eta$ in (7) has been used in the last step. By similar computations,
it is possible to prove that the inequality in (8) implies:

$$V(x(\tau, \bar{x}^*_i, u^-_*), \bar{x}^*_{i+1}) \le e^{\lambda\tau}\underline{\alpha}(\eta) + \gamma(\mu_x), \quad i \in [1; \bar{N}-2]; \tag{11}$$

$$V(x(\tau, \bar{x}^*_{\bar{N}-1}, u^+_*), \bar{x}^*_{\bar{N}}) \le e^{\lambda\tau}\underline{\alpha}(\eta) + \gamma(\mu_x). \tag{12}$$

Hence, from the inequalities in (10)-(12) and from the definition of the transition
relation in $S_*(\Sigma)$, the transition $x^* \xrightarrow[*]{u_*} \bar{x}^*$ is in $S_*(\Sigma)$, implying with (8) that
$(\bar{x}^*, \bar{x}) \in \mathcal{R}$, which concludes the proof of condition (iii') of Definition 4.3. We
now prove $S(\Sigma) \preceq_\varepsilon S_*(\Sigma)$, according to Definition 4.3, by considering the relation
$\mathcal{R}^{-1}$. We prove condition (iii) in Definition 4.3 because the proof of condition (i)
is given in [1], while condition (ii) is fulfilled for the relation $\mathcal{R}^{-1}$ because it has
been proved to hold for $\mathcal{R}$. Consider any $(x, x^*) \in \mathcal{R}^{-1}$, with $x = (x_1, x_2, \ldots, x_N)$,
$x^* = (x^*_1, x^*_2, \ldots, x^*_N)$, for some $N \in [N_{\min}; N_{\max}]$, and any transition $x \xrightarrow[\tau]{u} \bar{x}$ in
$S(\Sigma)$, for some $u \in U_\tau$, with $\bar{x} = (\bar{x}_1, \bar{x}_2, \ldots, \bar{x}_{\bar{N}})$ for some $\bar{N} \in [N_{\min}; N_{\max}]$. Pick
$\bar{x}^* = (\bar{x}^*_1, \bar{x}^*_2, \ldots, \bar{x}^*_{\bar{N}})$ defined by $\bar{x}^*_i = [\bar{x}_i]_{\mu_x}$ for all $i$. By using similar arguments as
in the proof of condition (iii') of Definition 4.3 for the relation $\mathcal{R}$, it is possible to
show that the transition $x^* \xrightarrow[*]{u_*} \bar{x}^*$, with $u_* = u$, is in $S_*(\Sigma)$, and that $V(\bar{x}_i, \bar{x}^*_i) \le \underline{\alpha}(\varepsilon)$
for all $i$, hence $(\bar{x}, \bar{x}^*) \in \mathcal{R}^{-1}$, which concludes the proof. □

This result is important because it provides symbolic models for possibly unstable
nonlinear NCS, with guaranteed approximation bounds. This result generalizes the
ones in [1], which instead require incrementally stable NCS.

6. Robust symbolic Control Design 

We consider a control design problem where the NCS $\Sigma$ has to satisfy a given
specification robustly with respect to the non-idealities of the communication network.
Our specification is a collection of transitions $\longrightarrow_q \subseteq X_q \times X_q$, where $X_q$
is a finite subset of $\mathbb{R}^n$. Given a set of initial states $X_q^0 \subseteq X_q$, we now reformulate
the specification in the form of the system

$Q = (X_Q, X_Q^0, U_Q, \longrightarrow_Q, Y_Q, H_Q)$,

where:

• $X_Q$ is the subset of $X_q^0 \cup \left(\bigcup_{N \in [N_{\min};N_{\max}]} X_q^N\right)$ such that for any $x =
  (x_1, x_2, \ldots, x_N) \in X_Q$, with $N \in [N_{\min}; N_{\max}]$, for any $i \in [1; N-1]$, the
  transition $x_i \longrightarrow_q x_{i+1}$ is in $\longrightarrow_q$;
• $X_Q^0 = X_q^0$;
• $U_Q = \{u_q\}$, where $u_q$ is a dummy symbol;
• $x^1 \xrightarrow[Q]{u_q} x^2$, where $x^1 = (x^1_1, x^1_2, \ldots, x^1_{N_1})$, $x^2 = (x^2_1, x^2_2, \ldots, x^2_{N_2})$, $N_1, N_2 \in
  [N_{\min}; N_{\max}]$ and the transition $x^1_{N_1} \longrightarrow_q x^2_1$ is in $\longrightarrow_q$;
• $Y_Q = X_Q$;
• $H_Q = 1_{X_Q}$,

where $N_{\min}$ and $N_{\max}$ are as in (2). We are now ready to state the control
problem that we address in this section.

Problem 6.1. Consider the NCS $\Sigma$, a specification $Q$ and a desired precision
$\varepsilon \in \mathbb{R}^+$. Find a symbolic controller $C$, a parameter $\theta \in \mathbb{R}^+$ and an A$\theta$A simulation
relation $\mathcal{R}$ from $C$ to $S(\Sigma)$ such that:

(1) $\emptyset \neq S(\Sigma) \times^{\mathcal{R}}_\theta C \preceq_\varepsilon Q$;

(2) $S(\Sigma) \times^{\mathcal{R}}_\theta C$ is non-blocking.

Note that the approximate similarity inclusion in (1) requires the state trajectories
of the NCS to be close to the ones of specification $Q$ up to the accuracy $\varepsilon$
robustly with respect to the non-determinism imposed by the network. The non-blocking
condition (2) prevents deadlocks in the interaction between the plant and
the controller. In the following definition, we provide the controller $C^*$ that is
shown in the sequel to solve Problem 6.1.

Definition 6.2. Let $C^*$ be the maximal non-blocking sub-system¹ $C$ of $S_*(\Sigma)$ such
that $C \preceq_{\mu_x} Q$ and $C \preceq^{alt}_0 S_*(\Sigma)$.

From the above definition it is easy to see that $C^*$ is symbolic. The following
technical result will be useful in the sequel.

Lemma 6.3. Let $S_i = (X_i, X_{0,i}, U_i, \longrightarrow_i, Y_i, H_i)$ ($i = 1, 2, 3$) be metric systems
with the same output sets $Y_1 = Y_2 = Y_3$ and metric $d$. Then the following statements
hold:

(i) for any $\varepsilon_1 \le \varepsilon_2$, $S_1 \preceq_{\varepsilon_1} S_2$ implies $S_1 \preceq_{\varepsilon_2} S_2$;

(ii) if $S_1 \preceq_{\varepsilon_{12}} S_2$ and $S_2 \preceq_{\varepsilon_{23}} S_3$ then $S_1 \preceq_{\varepsilon_{12}+\varepsilon_{23}} S_3$;

(iii) for any $\theta \in \mathbb{R}_0^+$ and any A$\theta$A simulation relation $\mathcal{R}$ from $S_2$ to $S_1$,
$S_1 \times^{\mathcal{R}}_\theta S_2 \preceq_\theta S_2$.

We are now ready to solve Problem 6.1.

Theorem 6.4. Consider the NCS $\Sigma$ and the specification $Q$. Suppose that the
control system $P$ in $\Sigma$ enjoys Assumptions (H1) and (H2). Then for any desired
precision $\varepsilon \in \mathbb{R}^+$, choose the parameters $\theta, \mu_x, \eta \in \mathbb{R}^+$ such that:

$$\mu_x + \theta \le \varepsilon, \tag{13}$$

$$\mu_x \le \min\{\hat{\mu}_X, \overline{\alpha}^{-1}(\underline{\alpha}(\theta))\} \le \theta \le \eta. \tag{14}$$

Let $\mathcal{R}^*$ be the maximal A$\theta$A simulation relation² from $C^*$ to $S(\Sigma)$. If $\mathcal{R}^* \neq \emptyset$,
Problem 6.1 is solved with $C = C^*$ and $\mathcal{R} = \mathcal{R}^*$.

¹ Here maximality is defined with respect to the preorder induced by the notion of A$\theta$A
simulation.

Proof. First we prove condition (1) of Problem 6.1. From Definition 6.2, $C^* \preceq^{alt}_0 S_*(\Sigma)$.
Furthermore, condition (14) implies that $S_*(\Sigma) \preceq^{alt}_\theta S(\Sigma)$ from Theorem
5.4. Hence from Lemma 6.3 (ii), $C^* \preceq^{alt}_\theta S(\Sigma)$. Let $\mathcal{R}^*$ be the maximal A$\theta$A
simulation relation from $C^*$ to $S(\Sigma)$. From Lemma 6.3 (iii), $S(\Sigma) \times^{\mathcal{R}^*}_\theta C^* \preceq_\theta C^*$.
Since $C^* \preceq_{\mu_x} Q$ from Definition 6.2, by Proposition 2 in [2] the above approximate
similarity inclusions imply $S(\Sigma) \times^{\mathcal{R}^*}_\theta C^* \preceq_\varepsilon Q$, which concludes the proof of condition
(1) of Problem 6.1.

We now show that condition (2) holds. Consider any state $(x, x_c)$ of $S(\Sigma) \times^{\mathcal{R}^*}_\theta C^*$.
Pick any $u_c \in U_c(x_c) \neq \emptyset$ because $C^*$ is non-blocking. Since $(x_c, x)$ belongs to the
maximal A$\theta$A simulation relation $\mathcal{R}^*$ from $C^*$ to $S(\Sigma)$, there exists $u \in U_\tau(x)$ s.t.
for any $x \xrightarrow[\tau]{u} x'$ in $S(\Sigma)$ there exists $x_c \xrightarrow{u_c} x_c'$ in $C^*$ with $(x_c', x') \in \mathcal{R}^*$. Hence,
from Definition 4.4, the transition $(x, x_c) \longrightarrow (x', x_c')$ is in $S(\Sigma) \times^{\mathcal{R}^*}_\theta C^*$, implying
that $S(\Sigma) \times^{\mathcal{R}^*}_\theta C^*$ is non-blocking, which concludes the proof. □

7. Integrated Design of Symbolic Controllers 

The construction of the symbolic controller $C^*$ relies upon the procedure illustrated
in Algorithm 1.

1 Compute the system $S_*(\Sigma)$;
2 Compute the system $Q$ from the transition relation $\longrightarrow_q$;
3 Compute the controller $C^*$.

Algorithm 1: Construction of the controller $C^*$.

This procedure is not efficient from the computational complexity point of view,
because:

(i) It requires the preliminary construction of the symbolic system $S_*(\Sigma)$, representing
the NCS, and of the system $Q$, representing the specification.

(ii) It considers the whole state space of the plant $P$, while a more efficient
algorithm would consider only the accessible part³ of $P$.

In order to cope with the drawbacks listed above, inspired by the integrated procedure
developed in [J for the simpler case of symbolic control design of nonlinear
systems, we now present a procedure that integrates each step of Algorithm 1 in one
algorithm. The pseudo-code of the proposed procedure is reported in Algorithm 2
and Algorithm 3. Algorithm 2 is the main one while Algorithm 3 introduces function
BuildTree that is used in Algorithm 2. The outcome of Algorithm 2 is the
symbolic controller $C^{**}$. In the sequel, line i of Algorithm j will be recalled as line
j.i. Algorithm 2 proceeds as follows. In line 2.2 the set $X_{target}$ of to-be-processed
states is initialized and the set Bad of blocking states is empty. At each basic step,
Algorithm 2 processes a (non-processed) state $x$ in line 2.4. The test in line 2.6
verifies the existence of a control input $u$ such that all the states (collected in the
vector $x(N_{\min}\tau : N_{\max}\tau, x, u)$) that are reachable from $x$ in the plant in time intervals
from $N_{\min}\tau$ to $N_{\max}\tau$ are also reachable (up to the accuracy $\theta$) in the specification
through a path of length between $N_{\min}$ and $N_{\max}$. If that happens, the control
input $u$ is good for state $x$ (it is added to the controller in line 2.7) and function
BuildTree is called (line 2.14) from all the states reached in the plant that are
not equal to the state $x$ that is being processed (lines 2.11-2.12). If there exists a
controller fulfilling the specification for all those states, the boolean variable Found
is set to true and a solution is found (lines 2.24-2.25), otherwise it is guaranteed
that $C^*$ defined in Definition 6.2 is empty. Algorithm 3 (function BuildTree)
checks the existence of a control input starting from the current state such that the
specification is fulfilled robustly, up to the precision $\theta$. If that happens, the control
input is added to the controller (line 3.5) and function BuildTree itself is called
(line 3.13) recursively from all the states reached in the plant that have not been
processed yet (lines 3.8-3.11). If there exists a controller fulfilling the specification
for all those states, the function returns true (line 3.16), otherwise (line 3.19) it
returns false and the current state is added to the set of bad states (line 3.20).
Termination, correctness and complexity of the integrated procedure are discussed
in the remainder of this section.

² The maximal A$\theta$A simulation relation is the unique A$\theta$A simulation relation that contains all
the A$\theta$A simulation relations.

³ The accessible part of a system $S$ is the unique accessible system $Ac(S)$ such that $S' \sqsubseteq
Ac(S) \sqsubseteq S$, for any accessible system $S' \sqsubseteq S$.

Theorem 7.1. Algorithm 2 terminates in a finite number of steps.

Proof. Algorithm 2 terminates when there are no more states $x$ in $X_{target}$ to be
processed. Line 2.21 ensures that the iteration in line 2.3 is run at most once for
any state $x$ in $X_{target}$. Furthermore, the function BuildTree cannot be executed
recursively on the same state (that would block the procedure). In fact, if condition
in line 3.3 is satisfied, the execution of line 3.5 implies that state $x$ will enjoy the
condition in line 3.8, hence preventing the recursive execution of line 3.13. Similarly,
if a state $x$ becomes bad (line 3.20), it will satisfy condition in line 3.10 in successive
iterations, hence preventing the recursive execution of line 3.13. □

We now show that the controller $C^{**}$, synthesized in Algorithm 2, solves Problem
6.1.

Theorem 7.2. Let $S_{cl}(\Sigma)$ be the maximal sub-system of $S(\Sigma)$ including all the
transitions $x^1 \xrightarrow[\tau]{u} x^2$ in $S(\Sigma)$, with $x^i = (x^i_1, x^i_2, \ldots, x^i_{N_i})$, $i = 1,2$, such that
$u = C^{**}(x^1_{N_1})$. Then $S_{cl}(\Sigma) \preceq_\varepsilon Q$ and $S_{cl}(\Sigma)$ is non-blocking.

Proof. Condition (1) is ensured by the conditions in lines 2.9 and 3.6, that are
required for adding control pairs $(x, u)$ to the controller. The non-blocking condition
(2) is ensured because function BuildTree returns true only if all the states that
are reached in a time between $N_{\min}\tau$ and $N_{\max}\tau$ are already in the domain of the
controller (lines 3.8, 3.9 and 3.16). This implies that an execution from those states
is well-defined and fulfills the specification. □

Theorem 7.2 extends the results reported in [I] from stable nonlinear control
systems to $\delta$-FC nonlinear NCS. Finally, a comparison of the following results shows
that the space complexity of Algorithm 2 is smaller than or equal to the one of
Algorithm 1.

Proposition 7.3. The space complexity of Algorithm 1 is $O(|[X]_{\mu_x}|^{N_{\max}-N_{\min}+1})$.
 1  Input: NCS $\Sigma$, specification $Q$, precision $\varepsilon \in \mathbb{R}^+$, quantization
    parameters $\theta, \mu_x, \eta \in \mathbb{R}^+$ satisfying the inequalities in (13)-(14);
 2  Init: $X_{target} = \{x_p \in X_{0,*} : \exists x_q \in X_q^0 : \|x_p - x_q\| \le \theta\}$, global Bad = $\emptyset$,
    global $C^{**}$, found = false;
 3  while $X_{target} \neq \emptyset$ $\wedge$ found == false do
 4      choose $x \in X_{target}$;
 5      $U_{target} = U_*$;
 6      while $U_{target} \neq \emptyset$ $\wedge$ found == false do
 7          choose $u \in U_{target}$;
 8          $C^{**} = \emptyset$;
 9          if $x(N_{\min}\tau : N_{\max}\tau, x, u)$ meets $Q$ up to $\theta$ then
10              for $N = N_{\min} : N_{\max}$ do
11                  if $\exists x_c \in \mathrm{Domain}(C^{**}) : \|[x(N\tau, x, u)]_{\mu_x} - x_c\| \le \theta$ then
12                      $Flag_N$ = true;
13                  else
14                      $Flag_N$ = BuildTree($[x(N\tau, x, u)]_{\mu_x}$);
15                  end
16              end
17          end
18          found = $\bigwedge_{N=N_{\min}}^{N_{\max}} Flag_N$;
19          $U_{target} = U_{target} \setminus \{u\}$;
20      end
21      $X_{target} = X_{target} \setminus \{x\}$;
22  end
23  if found == true then
24      $C^{**}(x) = u$;
25      Controller found successfully!
26  else
27      $C^{**} = \emptyset$;
28  end
29  output: $C^{**}$.

Algorithm 2: Integrated Symbolic Control Design.

Proof. Algorithm 1 requires the construction of the symbolic model $S_*(\Sigma)$ and the
states of this model have $N_{\max} - N_{\min} + 1$ components, implying a space complexity

Proposition 7.4. The space complexity of Algorithm 2 is $O(|[X]_{\mu_x}|)$.

Proof. Algorithm 2 constructs a controller in form of a function $C : [X]_{\mu_x} \to [U]_{\mu_u}$
without requiring the construction of $S_*(\Sigma)$. Since the integrated controller keeps
at most one input for each state, the complexity of that object is bounded by
$O(|[X]_{\mu_x}|)$. The memory occupation of the set Bad is also $O(|[X]_{\mu_x}|)$, while other
variables have fixed sizes. □
 1  Function flag = BuildTree($x$);
 2  Init: flag = false, $U_{target} = U_*$;
 3  while $U_{target} \neq \emptyset$ $\wedge$ flag == false do
 4      choose $u \in U_{target}$;
 5      $C^{**}(x) = u$;
 6      if $x(N_{\min}\tau : N_{\max}\tau, x, u)$ meets $Q$ up to $\theta$ then
 7          for $N = N_{\min} : N_{\max}$ do
 8              if $\exists x_c \in \mathrm{Domain}(C^{**}) : \|[x(N\tau, x, u)]_{\mu_x} - x_c\| \le \theta$ then
 9                  $flag_N$ = true;
10              else if $[x(N\tau, x, u)]_{\mu_x} \in$ Bad then
11                  $flag_N$ = false;
12              else
13                  $flag_N$ = BuildTree($[x(N\tau, x, u)]_{\mu_x}$);
14              end
15          end
16          flag = $\bigwedge_{N=N_{\min}}^{N_{\max}} flag_N$;
17      end
18  end
19  if flag == false then
20      Bad = Bad $\cup\ \{x\}$;
21  end

Algorithm 3: Recursive computation of subcontrollers.



8. An Illustrative Example

We consider the model of a unicycle $P$ described by the following differential
equation:

$$
\begin{bmatrix} \dot{x}_1 \\ \dot{x}_2 \\ \dot{x}_3 \end{bmatrix}
= f(x,u) =
\begin{bmatrix} u_1 \cos(x_3) \\ u_1 \sin(x_3) \\ u_2 \end{bmatrix},
\tag{15}
$$

where the state $x$ belongs to the set $X = X_0 = [-1,1[ \times [-1,1[ \times [-\pi,\pi[$ and the
control input $u$ belongs to the set $U = [-1,1[ \times [-1,1[$. The state quantities are
the 2D-coordinates of the center of the vehicle and its orientation, while the inputs
are the forward and angular velocity. By choosing the quadratic Lyapunov-like
function $V(x,x') = 0.5\,\|x - x'\|_2^2$ it is possible to show that control system (15)
is $\delta$-FC. The network/computation parameters are $B_{\max} = 1$ kbit/s, $\tau = 0.2$ s,
$\Delta^{ctrl}_{\min} = 0.001$ s, $\Delta^{ctrl}_{\max} = 0.01$ s, $\Delta^{req}_{\max} = 0.05$ s, $\Delta^{delay}_{\min} = 0.02$ s, $\Delta^{delay}_{\max} = 0.1$ s,
resulting in $N_{\min} = 1$, $N_{\max} = 2$ from Eqn. (2). In order to construct a symbolic
model for $\Sigma$, we apply Theorem 5.4. Assumptions (H1)-(H2) are fulfilled for $P$
with $\lambda = 2u_{1,\max}$ and $\gamma(r) = 2\pi r$. For a precision $\varepsilon = 0.15$, and the choice
of parameters $\eta = 0.11$, $\mu_x = 0.02$ and $\mu_u = 0.25$, the inequality in (7) holds.
We now consider a specification given in the form of a motion planning problem
with respect to the position variables $x_1$ and $x_2$ of the unicycle. Starting from
the origin, the vehicle is required to follow a trajectory visiting (in order) the 4
regions of the plane $Z_1 = [0,1[ \times [0,1[$, $Z_2 = [-1,0[ \times [0,1[$, $Z_3 = [-1,0[ \times [-1,0[$,
and $Z_4 = [0,1[ \times [-1,0[$, to finally go back to a neighbourhood of the origin. For
the choice of the interconnection parameter $\theta = 0.9\varepsilon$, Theorem 6.4 holds and the
controller $C^*$ from Definition 6.2 solves the control problem. We also solve the
problem by means of the integrated procedure illustrated in Section 7 and in the
following we compare the results in terms of the computational complexity needed
to construct $C^*$ and $C^{**}$. The total memory occupation and time required to
construct $C^{**}$ are respectively 1345 integers and 916 s. We did not compute the
controller $C^*$; estimates of space complexity and time complexity in constructing
$C^*$ result respectively in $5.8 \cdot 10^{12}$ integers and $4.19 \cdot 10^{6}$ s. In Figures 2-3 we show
the simulation results for a particular realization of the network uncertainties: it is
easy to see that the specifications are indeed met.
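
The $\delta$-FC claim for the unicycle can be checked by hand. The derivation below is added here and is not part of the original paper; it verifies inequality (ii) of Definition 5.3 for $V(x,x') = 0.5\,\|x - x'\|_2^2$, reading $u_{1,\max}$ as the bound on $|u_1|$ over $U$ (an assumption on the meaning of that constant). Since $\partial V/\partial x = (x - x')^\top$ and $\partial V/\partial x' = -(x - x')^\top$, and the third components of $f(x,u)$ and $f(x',u)$ are both $u_2$,

$$
\frac{\partial V}{\partial x} f(x,u) + \frac{\partial V}{\partial x'} f(x',u)
= u_1 \big[ (x_1 - x_1')(\cos x_3 - \cos x_3') + (x_2 - x_2')(\sin x_3 - \sin x_3') \big].
$$

By the Cauchy-Schwarz inequality and $(\cos a - \cos b)^2 + (\sin a - \sin b)^2 = 4 \sin^2\!\big(\tfrac{a-b}{2}\big) \le (a-b)^2$,

$$
\frac{\partial V}{\partial x} f(x,u) + \frac{\partial V}{\partial x'} f(x',u)
\le |u_1| \sqrt{(x_1 - x_1')^2 + (x_2 - x_2')^2}\; |x_3 - x_3'|
\le |u_1|\, \|x - x'\|_2^2
= 2 |u_1|\, V(x,x')
\le 2 u_{1,\max} V(x,x'),
$$

so condition (ii) holds with the constant $2u_{1,\max}$, the value the example quotes for (H1). The sign of this constant is positive, which is why the result covers the unicycle although it is not incrementally stable.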



Figure 2. State trajectory of the NCS $\Sigma$.



9. Conclusions 

In this paper we proposed an integrated symbolic design approach to nonlinear
NCS. Under the assumption of incremental forward completeness, symbolic models
were derived which approximate NCS in the sense of (alternating) approximate simulation.
Symbolic control design of NCS was then addressed where specifications are
expressed in terms of automata. Finally efficient algorithms were proposed which
integrate the construction of symbolic models with the design of robust symbolic
controllers.